Phishing phishers and tracing their identities
Two fellow students of IT-Security at my university recently came up with an idea [paper] on catching phishers and tracing their identities. The idea is quite simple:
1.) collect some recent phishing sites, e.g. from Google or Microsoft
2.) create user credentials such as name, bank, account number, TANs etc. (e.g. from wordlists, dictionaries)
3.) send these special credentials (called ‘phoneytokens’) to the phishing sites
When a phisher then visits the bank's site and enters a phoneytoken, the system detects it and redirects the phisher to a honeypot system (called ‘phoneypot’) instead of the real banking application. The phoneypot looks like the real banking application and can collect data about the phisher, revealing organizational structures of the phishing system and hopefully the phisher himself.
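The bank-side detection step described above, sketched as an added example that is not code from the paper or from this post. `PhoneytokenRegistry`, `route_login`, the keyed-digest store and the reduction of a credential set to account number plus PIN are assumptions made for illustration; the URLs and IP addresses are constructed placeholders.

```python
import hashlib
import hmac
import secrets

# Constructed sample data; placeholder URLs, not real phishing sites.
SAMPLE_PHISHING_SITES = ["http://phish-a.example/login", "http://phish-b.example/login"]


class PhoneytokenRegistry:
    """Bank-side store of issued phoneytokens, kept as keyed digests (hypothetical design)."""
    def __init__(self, key=None):
        self._key = key or secrets.token_bytes(32)
        self._seeded = {}  # digest -> phishing site the token was submitted to

    def _digest(self, account, pin):
        return hmac.new(self._key, f"{account}:{pin}".encode(), hashlib.sha256).hexdigest()

    def issue(self, phishing_site):
        """Step 2: create a fake credential and record where it will be sent (step 3)."""
        account = f"{secrets.randbelow(10**10):010d}"
        pin = f"{secrets.randbelow(10**5):05d}"
        self._seeded[self._digest(account, pin)] = phishing_site
        return account, pin

    def lookup(self, account, pin):
        # Returns the phishing site this credential was seeded to, or None.
        return self._seeded.get(self._digest(account, pin))


def route_login(registry, account, pin, source_ip, log):
    """Decide at the bank's login whether a session goes to the phoneypot."""
    site = registry.lookup(account, pin)
    if site is None:
        return "bank"  # not a phoneytoken: normal authentication continues
    # The token ties this visitor to the phishing site that harvested it.
    log.append({"source_ip": source_ip, "seeded_at": site, "account": account})
    return "phoneypot"


def demo():
    registry, log = PhoneytokenRegistry(), []
    tokens = {site: registry.issue(site) for site in SAMPLE_PHISHING_SITES}
    acct, pin = tokens[SAMPLE_PHISHING_SITES[1]]
    first = route_login(registry, acct, pin, "203.0.113.7", log)
    second = route_login(registry, "123456789", "00000", "198.51.100.4", log)
    return [first, second], log


if __name__ == "__main__":
    print(demo())
```

Because each token is recorded against the one phishing site it was sent to, a phoneypot hit also shows which site's operator is using the harvested data.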
Talks with German banks are currently in progress; let’s see how this will work in practice. I’ll keep you up to date.
If you have any input, you can write to the authors mentioned in the paper or to me, of course.
see you, cordney*